Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 2 Logging into the FireSIGHT System
Using the Context Menu
Event Viewer
Event pages (drill-down pages and table views) contain hotspots over each event, IP address, and
certain detected files’ SHA-256 hash values. For most event types, you can use the context menu to
view related information in the Context Explorer, or drill down into event information in a new
window. In places where an event field contains text too long to fully display in the event view, such
as a file’s SHA-256 hash value, a vulnerability description, or a URL, you can use the context menu
to view the full text.
For captured files, file events, and malware events, you can use the context menu to add a file to or
remove a file from the clean list or custom detection list, download a copy of the file, or submit the
file to the Collective Security Intelligence Cloud for dynamic analysis.
For intrusion events, you can use the context menu to perform similar tasks to those in the intrusion
rule editor or an intrusion policy: edit the triggering rule, set the rule state (including disabling the
rule), configure thresholding and suppression options, and view rule documentation.
Packet View
Intrusion event packet views contain IP address hotspots. Note that the packet view uses a left-click
context menu instead of a right-click menu.
Dashboard
Many dashboard widgets contain hotspots to view related information in the Context Explorer.
Dashboard widgets can also contain IP address and SHA-256 value hotspots.
Context Explorer
The Context Explorer contains hotspots over its charts, tables, and graphs. If you want to examine
data from graphs or lists in more detail than the Context Explorer allows, you can drill down to the
table views of the relevant data. You can also view related host, user, application, file, and intrusion
rule information.
Note that the Context Explorer uses a left-click context menu, which also contains filtering and other
options unique to the Context Explorer. For detailed information, see
To access the context menu:
Access: Any
Step 1
On a hotspot-enabled page in the web interface, hover your pointer over a hotspot.
Except in the Context Explorer, a "Right-click for menu" message appears.
Step 2
Invoke the context menu:
• In the Context Explorer or packet view, left-click your pointing device.
• On all other hotspot-enabled pages, right-click your pointing device.
A pop-up context menu appears with options appropriate for the hotspot.
Step 3
Select one of the options by left-clicking the name of the option.
If you are using the access control policy editor or NAT policy editor, the rule is modified. Otherwise, a
new browser window opens based on the option you selected.